MEDIUM · 4.3

CVE-2016-7078

Vulnerability Description

Foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.
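The fail-open scoping described above, next to a fail-closed version, as an added example that is not Foreman's code. The `User` and `Host` structs, the function names and the sample data are constructed for illustration; permissions are left out, and each of the two assignments is assumed to be filtered independently.

```ruby
# Simplified model of organization/location scoping (constructed, not Foreman's code).
User = Struct.new(:login, :admin, :organization_ids, :location_ids)
Host = Struct.new(:name, :organization_id, :location_id)

# Constructed sample data.
HOSTS = [
  Host.new("web01", 1, 10),
  Host.new("db01", 2, 10),
  Host.new("build01", 2, 20)
].freeze
USERS = [
  User.new("admin", true, [], []),
  User.new("alice", false, [1], [10]),
  User.new("newhire", false, [], [])
].freeze

# Fail-open: an empty assignment is treated as "no filter", so a user with
# no organizations/locations sees the same set as an administrator.
def visible_hosts_fail_open(user, hosts)
  hosts.select do |h|
    (user.organization_ids.empty? || user.organization_ids.include?(h.organization_id)) &&
      (user.location_ids.empty? || user.location_ids.include?(h.location_id))
  end
end

# Fail-closed: only administrators bypass the filter; an empty assignment
# matches nothing.
def visible_hosts_fail_closed(user, hosts)
  return hosts.dup if user.admin
  hosts.select do |h|
    user.organization_ids.include?(h.organization_id) &&
      user.location_ids.include?(h.location_id)
  end
end

# Audit helper: non-admin accounts with an empty assignment, i.e. the accounts
# whose view differs between the two rules and should be reviewed.
def unscoped_non_admins(users)
  users.reject(&:admin).select { |u| u.organization_ids.empty? || u.location_ids.empty? }.map(&:login)
end

if __FILE__ == $PROGRAM_NAME
  USERS.each do |u|
    puts format("%-8s fail-open=%d fail-closed=%d", u.login,
                visible_hosts_fail_open(u, HOSTS).size, visible_hosts_fail_closed(u, HOSTS).size)
  end
  puts "review: #{unscoped_non_admins(USERS).join(', ')}"
end
```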

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: NONE
Availability: NONE

Affected Products

Vendor: Theforeman
Product: Foreman
Versions: 1.15.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2016-7078?

CVE-2016-7078 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resource...

How severe is CVE-2016-7078?

CVE-2016-7078 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-7078?

Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman.